The vulnerability occurs when the 'ondatasetcomplete' event method of a timeChildren object is referenced. If this occurs when the object is in an inconsistent state, a heap chunk will be freed, and then reused after being freed. This results in an uninitialized VTABLE being used, which can result in the execution of arbitrary code when the pointer is dereferenced.

Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the user viewing the web page. To exploit this vulnerability, a targeted user must load a malicious web page created by an attacker. An attacker typically accomplishes this via social engineering or injecting content into compromised, trusted sites. After the user visits the malicious web page, no further user interaction is needed.

--------------------------------------------------------------------------------------------------------------------------------
Evaluate your site's resistance to the installation of malicious code. Have it scanned for vulnerabilities.